<?php
session_start();



if (isset($_POST["login"])) {
$pass = $_POST["password"];
$login = "true";


$link = mysql_connect("localhost", "root", "root")
    or die("Impossible de se connecter : " . mysql_error());
    
mysql_select_db("doranco",$link);

$query = sprintf("SELECT login, password, age FROM user
    WHERE login='%s' AND password='%s'",
    mysql_real_escape_string($_POST["login"]),
    mysql_real_escape_string(sha1($pass)));


$result = mysql_query($query);

while ($row = mysql_fetch_assoc($result)) {
    //echo "login success";
    
    $_SESSION["login"] = $_POST["login"];
    break;
}


mysql_close($link);

}



if (isset($_GET["logout"]) && $_GET["logout"] == "true") {
unset($_SESSION["login"]);
}

  
?>
<html>
<body>
  <?php
  if (!isset($_SESSION['login'])): 
  
  if (isset($login)) {
    echo "Mot de passe incorrect";
  }
  
  ?>
    <p>Bonjour,<br />
    <form method="POST" action="/login-password.php">
    Merci de rentrer votre pseudo : <input type="text" name="login" value="votre pseudo"/>
    <br /><br />
    Et votre mot de passe : <input type="password" name="password" />
    <input type="submit" value="Valider" />
    </form>
    </p>
  <? else:  ?>
    Bonjour <?=$_SESSION["login"]?>,<br /><br />
    
    Le mot de passe est toto42
  <br /><br />
  
  <a href="?logout=true">Se deconnecter</a>
  
   <a href="secret.php">Secret</a> 
  
  <?php endif?> 
  

</body>


</html>